Shutter 0.93.1 - Code Execution

Exploit Title: Shutter user-assisted remote code execution Date: 2016-12-26 Software Link: http://shutter-project.org/ Version: 0.93.1 Tested on: Ubuntu, Debian Exploit Author: Prajith P Website: http://prajith.in/ Author Mail: [email protected] CVE: CVE-2016-10081 1. Description. /usr/bin/shutter in...

Shutter 0.93.1 - Code Execution

Shutter 0.93.1 - Code Execution Exploit Title: Shutter user-assisted remote code execution Date: 2016-12-26 Software Link: http://shutter-project.org/ Version: 0.93.1 Tested on: Ubuntu, Debian Exploit Author: Prajith P Website: http://prajith.in/ Author Mail: [email protected] CVE: CVE-2016-10081 1...

[ASA-201611-13] shutter: arbitrary code execution

Arch Linux Security Advisory ASA-201611-13 ========================================== Severity: Medium Date : 2016-11-14 CVE-ID : CVE-2015-0854 Package : shutter Type : arbitrary code execution Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package shutter before...

Shutter 'HelperFunctions.pm' Remote Code Execution Vulnerability

Shutter is a free and open source screenshot application for Linux-based systems. A remote code execution vulnerability exists in Shutter version 0.80 and above. A remote attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service...

Mageia: Security Advisory (MGASA-2015-0380)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated shutter packages fix CVE-2015-0854

Updated shutter package fixes security vulnerability: In the "Shutter" screenshot application, it was discovered that using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter...

MGASA-2015-0380 Updated shutter packages fix CVE-2015-0854

Updated shutter package fixes security vulnerability: In the "Shutter" screenshot application, it was discovered that using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter...

FreeBSD : shutter -- arbitrary code execution (d45ad7ae-5d56-11e5-9ad8-14dae9d210b8)

Luke Farone reports : In the 'Shutter' screenshot application, I discovered that using the 'Show in folder' menu option while viewing a file with a specially crafted path allows for arbitrary code execution with the permissions of the user running Shutter. %NASLMINLEVEL 70300 C Tenable Network...

shutter -- arbitrary code execution

Luke Farone reports: In the "Shutter" screenshot application, I discovered that using the "Show in folder" menu option while viewing a file with a specially-crafted path allows for arbitrary code execution with the permissions of the user running Shutter...

GE Healthcare Precision THUNIS-800+ Trust Management Vulnerability

The GE Healthcare Precision THUNIS-800+ PT800+ is an all-in-one digital remote-controlled multifunction X-ray machine the device that produces the X-rays from General Electric GE for the medical industry. A security vulnerability exists in the GE Healthcare PT800+ that originates from the program...

CVE-2014-7233

GE Healthcare Precision THUNIS-800+ has a default password of 1 1973 for the factory default System Utilities menu, 2 TH8740 for installation using TH8740122Setup.exe, 3 hrml for "Setup and Activation" using DSASetup, and 4 an empty string for Shutter Configuration, which has unspecified impact a...

CVE-2014-3904

SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2014-3905

Cross-site scripting XSS vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Sql injection

SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2014-3905

Cross-site scripting XSS vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-3904

SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2014-3905

The CVE-2014-3905 issue affects tenfourzero Shutter version 0.1.4. It is described as a cross-site scripting (XSS) vulnerability that could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The included sources indicate that an administrator viewing a maliciou...

CVE-2014-3904

CVE-2014-3904 affects Shutter 0.1.4 (tenfourzero). The vulnerability is a SQL injection in lib/admin.php that enables remote attackers to execute arbitrary SQL commands via unspecified vectors. Impact is described as possible arbitrary SQL execution with administrative context, potentially affect...

Shutter vulnerable to SQL injection

Overview Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...